Actually end the connection when request checks fail

handlers/sensors.go

@@ -17,14 +17,17 @@ func EnvironmentSensor(
 	resp *types.EnvironmentSensor,
 ) func(http.ResponseWriter, *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
-		body := string(updateEndpointValidator(authDB, validCredentials, w, r))
+		body, err := updateEndpointValidator(authDB, validCredentials, w, r)
+		if err != nil {
+			log.Println(err)
+			return
+		}
 
 		// Parse request body
-		newState, err := strconv.ParseFloat(body, 64)
+		newState, err := strconv.ParseFloat(string(body), 64)
 		if err != nil || math.IsInf(newState, 0) {
-			log.Println("Failed to parse request body from", r.RemoteAddr, "body:", body)
-			w.WriteHeader(http.StatusBadRequest)
-			_, _ = io.WriteString(w, "HTTP request body has to be a valid float64 value != +/-Inf")
+			log.Println("Failed to parse request body from", r.RemoteAddr, "with error:", err)
+			http.Error(w, "HTTP request body has to be a valid float64 value != +/-Inf", http.StatusBadRequest)
 			return
 		}
 

handlers/state.go

@@ -16,14 +16,17 @@ func StateOpen(
 	resp *types.SpaceState,
 ) func(http.ResponseWriter, *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
-		body := string(updateEndpointValidator(authDB, validCredentials, w, r))
+		body, err := updateEndpointValidator(authDB, validCredentials, w, r)
+		if err != nil {
+			log.Println(err)
+			return
+		}
 
 		// Parse request body
-		newState, err := strconv.ParseBool(body)
+		newState, err := strconv.ParseBool(string(body))
 		if err != nil {
-			log.Println("Failed to parse request body from", r.RemoteAddr, "body:", body)
-			w.WriteHeader(http.StatusBadRequest)
-			_, _ = io.WriteString(w, "HTTP request body should either be true or false")
+			log.Println("Failed to parse request body from", r.RemoteAddr, "with error:", err)
+			http.Error(w, "HTTP request body should either be true or false", http.StatusBadRequest)
 			return
 		}
 

handlers/util.go

@@ -1,8 +1,9 @@
 package handlers
 
 import (
+	"errors"
+	"fmt"
 	"io"
-	"log"
 	"net/http"
 
 	"gitlab.hamburg.ccc.de/ccchh/spaceapid/config"
@@ -14,32 +15,28 @@ import (
 func updateEndpointValidator(
 	authDB config.HTTPBACredentials, validCredentials []config.HTTPBACredentialID,
 	w http.ResponseWriter, r *http.Request,
-) (body []byte) {
+) ([]byte, error) {
 	// Check BasicAuth credentials
 	username, password, ok := r.BasicAuth()
 	if !ok || !util.CheckCredentials(authDB, validCredentials, username, password) {
-		log.Println("Unauthorized request from", r.RemoteAddr, "Username:", username, "Password:", password)
 		w.Header().Set("WWW-Authenticate", "Basic realm=\"space-api\"")
-		w.WriteHeader(http.StatusUnauthorized)
-		return
+		http.Error(w, "", http.StatusUnauthorized)
+		return []byte{}, errors.New(fmt.Sprintf("Unauthorized request from %s Username: %s Password: %s", r.RemoteAddr, username, password))
 	}
 
 	// Check if PUT method
 	if r.Method != http.MethodPut {
-		log.Println("Wrong Method: ", r.Method, "from", r.RemoteAddr, "at", r.RequestURI)
 		w.Header().Set("Allow", http.MethodPut)
-		w.WriteHeader(http.StatusMethodNotAllowed)
-		return
+		http.Error(w, "", http.StatusMethodNotAllowed)
+		return []byte{}, errors.New(fmt.Sprintf("Wrong Method: %s from %s at %s", r.Method, r.RemoteAddr, r.RequestURI))
 	}
 
 	// Read request body
 	body, err := io.ReadAll(r.Body)
 	if err != nil {
-		log.Println("Failed to read request body from", r.RemoteAddr)
-		w.WriteHeader(http.StatusInternalServerError)
-		_, _ = io.WriteString(w, "Failed reading HTTP request body")
-		return
+		http.Error(w, "", http.StatusInternalServerError)
+		return []byte{}, errors.New(fmt.Sprintf("Failed to read request body from %s with error: %s", r.RemoteAddr, err))
 	}
 
-	return body
+	return body, nil
 }